d3fend-model
D3FEND — Model
When to Use
- Building or auditing asset inventories (hardware, software, network, data)
- Mapping network topology and logical/physical links
- Running vulnerability assessments and enumerating exposures
- Modeling operational dependencies and service mappings
- Assessing organizational cyber risk posture
- Analyzing container images and configurations
When NOT to Use
- Implementing hardening controls → d3fend-harden
- Designing detection rules or monitoring → d3fend-detect
- Network segmentation or access mediation → d3fend-isolate
- Incident response or eviction actions → d3fend-evict
- General enterprise security program design → cybersecurity
Core Workflows
1. Asset Inventory
| Asset Type | What to Capture | Tools |
|---|---|---|
| Hardware | Devices, firmware, components | Lansweeper, Nmap, agent-based discovery |
| Software | Installed apps, versions, licenses | SCCM, osquery, SBOM tools |
| Network | Nodes, interfaces, VLANs | Nmap, SNMP, network scanners |
| Data | Databases, file stores, sensitivity | Data classification tools |
| Containers | Images, registries, runtime inventory | Trivy, Docker Scout, Kubernetes APIs |
See references/asset_inventory.md
2. Network Mapping
- Logical: Layer 3 topology, routing paths, traffic policies
- Physical: Cable runs, rack layouts, wireless coverage
- Active: Scanning, probing, traceroute
- Passive: NetFlow, ARP tables, DHCP logs
See references/network_mapping.md
3. Vulnerability Assessment
- Discovery → asset inventory
- Scanning → Nessus, Qualys, OpenVAS
- Analysis → CVSS scoring, exploitability, exposure
- Prioritization → threat intel, asset criticality
- Reporting → remediation timelines
See references/vulnerability_assessment.md
4. Dependency & Risk Mapping
- Service dependencies: upstream/downstream services
- Operational: business process → IT asset mapping
- Data exchange: flows, interfaces, protocols
- Access modeling: who can access what
See references/dependency_risk_mapping.md
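Workflows 3 and 4 together, as an added example that is not part of this skill or of D3FEND: a constructed dependency map propagates business-process criticality down to every service a process transitively relies on, and scanner findings are then ranked by CVSS weighted with exposure, threat intel and that inherited criticality. The asset names, finding ids, process levels and weighting factors are all assumptions.

```python
from collections import deque
# Constructed sample model (hypothetical; not from the page or D3FEND): each asset
# lists the services it depends on and whether it is reachable from outside.
ASSETS = {
    "web-frontend": {"depends_on": ["api-gateway"], "exposed": True},
    "api-gateway":  {"depends_on": ["orders-db", "auth-svc"], "exposed": False},
    "orders-db":    {"depends_on": [], "exposed": False},
    "auth-svc":     {"depends_on": ["auth-db"], "exposed": False},
    "auth-db":      {"depends_on": [], "exposed": False},
    "wiki":         {"depends_on": [], "exposed": True},
}
# Operational mapping: business process -> (entry asset, criticality 1..5).
PROCESSES = {"checkout": ("web-frontend", 5), "internal-docs": ("wiki", 2)}
# Scanner findings with placeholder ids (not real CVE numbers).
FINDINGS = [
    {"id": "VULN-A", "asset": "wiki",        "cvss": 9.8, "known_exploited": False},
    {"id": "VULN-B", "asset": "auth-db",     "cvss": 7.5, "known_exploited": False},
    {"id": "VULN-C", "asset": "api-gateway", "cvss": 6.5, "known_exploited": True},
]

def dependency_closure(assets, root):
    """Every asset that `root` transitively depends on, plus root itself."""
    seen, queue = {root}, deque([root])
    while queue:
        for dep in assets[queue.popleft()]["depends_on"]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen

def asset_criticality(assets, processes):
    """An asset inherits the highest criticality of any business process that
    depends on it (directly or through other services); unmapped assets get 1."""
    crit = {name: 1 for name in assets}
    for entry, level in processes.values():
        for name in dependency_closure(assets, entry):
            crit[name] = max(crit[name], level)
    return crit

def prioritize(findings, assets, processes):
    """Rank findings: CVSS x inherited criticality, boosted for external exposure
    (x1.5) and for threat intel reporting active exploitation (x2)."""
    crit = asset_criticality(assets, processes)
    scored = []
    for f in findings:
        score = f["cvss"] * crit[f["asset"]]
        if assets[f["asset"]]["exposed"]:
            score *= 1.5
        if f["known_exploited"]:
            score *= 2.0
        scored.append((round(score, 1), f["id"]))
    return sorted(scored, reverse=True)
```

With this data the 9.8 on the low-criticality wiki ranks last, while the 6.5 on the gateway that the checkout process depends on ranks first.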
When to load references
- Asset inventory → references/asset_inventory.md
- Network mapping → references/network_mapping.md
- Vulnerability assessment → references/vulnerability_assessment.md
- Dependency & risk mapping → references/dependency_risk_mapping.md